We use cookies to ensure that we give you the best experience on our website. By
continuing to browse, we are assuming that you have no objection in accepting cookies.
You can change your cookie
settings at any time.

Security risks in Web 2.0

Online socialising on Web 2.0 sites has rapidly become the new way to network and make friends, but it is also an easy way to become a victim of malware. Because as more users use Web 2.0 applications like social-networking sites, blogs, wikis and RSS feeds, cybercriminals are right behind them.

The most prominent threats posed by social networking sites fall into two categories: technical and social. Technically, Web 2.0 sites allow millions of people to post content and malicious users are constantly trying to post malware on these sites. Socially, the threat lies in the amount of personal information that people share on social networking sites like Google Plus, MySpace, Facebook, Twitter, Bebo, and LinkedIn. This information makes them more vulnerable to phishing attacks, as personalized attacks are far more credible.

First off, some examples of technical threats:

As Facebook continues to be the most popular social networking site, cyber-criminals keep doing their best to exploit it in every possible way.

In April 2011, a rapidly spreading scam was targeted at Facebook fans of the "Twilight" teen vampire movies. Scammers were pretending to be linking to a game promoting the upcoming movie "Twilight Breaking Dawn" starring heart throbs Ed Cullen and Kristen Stewart. However, by clicking on a "Play Now" link, users were clickjacked into announcing that they "Like" the link, thus spreading it virally across Facebook.

In the same period, Twitter was struck by a virally spreading worm that attempted to make money by scamming users into filling out surveys and viewing advertisements. The rogue Twitter app is known as Profile Spy and tricks people into installing it by promising to tell them who has been viewing their online microposts. “Wow! See who viewed your twitter with Profile Spy,” the come-on reads.

In October 2010, a warning was sent in response to a wave of fake contact requests via the social media platform LinkedIn. Unsuspecting users were lured into a trap via the seemingly well-intentioned e-mails and their PCs were infected with malware in an attempt to gain access to personal information.

Other attacks have tried to capitalise on the popularity of videos seen on sites such as YouTube by putting booby-trapped links on pages that show the short films. Various Wikipedia sites have also had to deal with such problems as they allow online users to add and edit content, thus opening the door to potential malicious content.

Social threats posed by Web 2.0 sites:

Internet Security experts believe that the popularity of social networking sites is allowing cyber-criminals to access information previously unobtainable and that phishers are using these sites to find targets for identity fraud.

People on social networking websites have a tendency to publish details about their lives, friends, loves, jobs and hobbies that they would never share with a stranger in a bar, and this information is invaluable to identity thieves. People often don't realise the significance of the information they are putting out on the Web and who may be accessing it. Fraudsters can use this information to steal an individual's identity and open accounts in their name.

In March 2011, an ID Analytics' Survey revealed that nearly 13 million Americans aged 18 or older will accept any social media connection request from a member of the opposite sex, regardless of whether or not they know that person. Other research showed that one in four social networking users had posted confidential personal information, such as their phone number or address, on their social networking profiles. So what criminals need to dive through dumpsters or steal snail mail when so many details are available simply by searching the Web?

The best security advice is to limit the personal information you make available about yourself online. For example, avoid putting your full date of birth on these sites, as well as the names of children or pets as these are often used as passwords. And remember to keep your BullGuard running!